<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body>
    <p>Hi Xuelei,</p>
    <p>After reading over your descriptions and the supporting
      documentation this certainly seems like it would be a nice
      addition to JSSE.  It definitely seems like a performance win for
      QUIC and also for bandwidth-constrained devices.  I'm all for
      seeing this JEP proceed.  I'll likely have more comments down the
      line and I have taken a look at the proposed code changes and will
      go back and do a deeper dive on it.  I just don't want to jump any
      of the JEP process hoops by talking about code changes before some
      of the important first steps for the JEP have been cleared.  But
      you've got my support on this one!<br>
    </p>
    <p>--Jamil<br>
    </p>
    <div class="moz-cite-prefix">On 3/7/2022 11:46 AM,
      xueleifan(XueleiFan) wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:9C3E05A5-6DA1-4E11-91FC-EECC8A101742@Tencent.Com">
      
      <div class=""><span style="font-family: Menlo; font-size: 11px;" class="">Hi,</span></div>
      <div class="">
        <div class="" style="margin: 0px; font-stretch: normal;
          font-size: 11px; line-height: normal; font-family: Menlo;">
          <div class="" style="margin: 0px; font-stretch: normal;
            line-height: normal;">
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
              </span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">The
                TLS Certificate Compression standard was described in
                RFC 8879, and has been enabled in the Chrome and
                Safari browsers. What is TLS Certificate Compression, and what
                are the benefits of this feature?</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
              </span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">For
                TLS connections, a client must authenticate the identity
                of the server. This typically involves verification that
                the identity of the server is included in a certificate
                and that the certificate is issued by a trusted entity.</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
              </span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Where
                servers provide certificates for authentication, the
                size of the certificate chain can consume a large number
                of bytes. Controlling the size of certificate chains is
                critical to performance and security in QUIC. TLS
                certificate compression has the potential to ameliorate
                the attacks/problems by reducing the size of the
                handshakes to a size compatible with the security
                restriction.  The TLS Certificate Compression feature is
                an essential part of the QUIC-TLS protocols.</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
              </span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">For
                more details, please refer to section 4.4 in RFC 9001
                (Using TLS to Secure QUIC):</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">---------</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Note:
                Where servers provide certificates for authentication,
                the size of the certificate chain can consume a large
                number of bytes. Controlling the size of certificate
                chains is critical to performance in QUIC as servers are
                limited to sending 3 bytes for every byte received prior
                to validating the client address; see Section 8.1 of
                [QUIC-TRANSPORT]. The size of a certificate chain can be
                managed by limiting the number of names or extensions;
                using keys with small public key representations, like
                ECDSA; or by using certificate compression [COMPRESS].</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">————</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><br class="">
            </div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">and
                a more detailed description in the blog “Does the QUIC
                handshake require compression to be fast?”(<a href="https://www.fastly.com/blog/quic-handshake-tls-compression-certificates-extension-study" class="moz-txt-link-freetext" moz-do-not-send="true">https://www.fastly.com/blog/quic-handshake-tls-compression-certificates-extension-study</a>).
                  I have just copied part of the conclusion section of the blog
                here for your quick reference.</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">---------</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">First,
                the TLS certificate compression extension has a very
                large impact on QUIC performance. Even though the
                extension is new and being introduced fairly late in the
                process when compared to overall QUIC deployment
                schedules, it seems quite important for both clients and
                servers to implement the new extension so that the QUIC
                handshake can live up to its billing. Without some help,
                40% of QUIC full handshakes would be no better than TCP,
                but compression can repair most of that issue. I have
                heard of other non-standardized approaches to reducing
                the size of the certificate chain, and they seem
                reasonable, but this is a problem worth addressing
                immediately with the existing compression extension.</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">...</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Lastly,
                data from the real world again proves to be more
                insightful than intuition and is invaluable in making
                protocol design and implementation decisions. When I
                started this work I expected the impact of compression
                to be positive but marginally focused on a few edge
                cases. The data shows this optimization lands
                right on the sweet spot that ties configurations and the
                QUIC specification together and impacts a large portion of
                QUIC handshakes. My thanks to the authors of the
                compression extension.</span></div>
            <div class="" style="margin: 0px; font-stretch: normal;
              line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">---------</span></div>
            <div class=""><span class="" style="font-variant-ligatures:
                no-common-ligatures;"><br class="">
              </span></div>
            <div class=""><span class="" style="font-variant-ligatures:
                no-common-ligatures;"><br class="">
              </span></div>
            <div class=""><span class="" style="font-variant-ligatures:
                no-common-ligatures;">
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Besides,
                    reducing the amount of information exchanged during
                    a TLS handshake to a minimum helps to improve
                    performance in environments, for example Internet of
                    Things, where devices are connected to a network
                    with a low bandwidth and lossy radio technology.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">This
                    feature is a part of improving the performance of TLS
                    connections, and it is also a part of the path
                    towards the QUIC standards.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Chrome
                    supports TLS certificate compression with the Brotli
                    compression algorithm, and Safari supports TLS
                    certificate compression with the Zlib compression
                    algorithm.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">In
                    summary, the JDK could benefit from supporting RFC
                    8879 in the following areas:</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"> 
                      Performance - Reduce latency and improve
                    performance of TLS and QUIC connections by support
                    the TLS certificate compression standard in JDK.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"> 
                      Security - Mitigate the impact of amplification
                    attacks threat by reducing the size of the TLS
                    handshakes with compressed certificates.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">What
                    do you think?  Do you want it to be a part of OpenJDK?
                     Please feel free to share your comments.</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;"><br class="">
                  </span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Thanks,</span></div>
                <div class="" style="margin: 0px; font-stretch: normal;
                  line-height: normal;"><span class="" style="font-variant-ligatures: no-common-ligatures;">Xuelei</span></div>
              </span></div>
          </div>
        </div>
      </div>
    </blockquote>
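<p>To make the RFC 8879 message discussed above concrete, here is an added Python example (not part of this thread and not the JDK/JSSE code under discussion) that encodes and decodes the CompressedCertificate body with zlib and applies the receiver-side checks the RFC requires: the algorithm must be one that was offered, the two length fields must match the payload, and the declared size is capped before inflating so a hostile peer cannot turn a small message into a large allocation. The certificate bytes are a constructed stand-in, not a real chain.</p>

```python
import zlib

# CertificateCompressionAlgorithm code points from RFC 8879 section 3.
ZLIB, BROTLI, ZSTD = 1, 2, 3
MAX_U24 = (1 << 24) - 1


def compress_certificate(cert_msg: bytes, algorithm: int = ZLIB) -> bytes:
    """Encode a CompressedCertificate body (RFC 8879 section 4):
    algorithm (uint16) | uncompressed_length (uint24) | compressed<1..2^24-1>.
    Only zlib is shown; Brotli and zstd need codecs outside the stdlib."""
    if algorithm != ZLIB:
        raise NotImplementedError("only zlib is demonstrated here")
    if not 1 <= len(cert_msg) <= MAX_U24:
        raise ValueError("Certificate message length out of range")
    compressed = zlib.compress(cert_msg, 9)
    return (algorithm.to_bytes(2, "big")
            + len(cert_msg).to_bytes(3, "big")
            + len(compressed).to_bytes(3, "big")
            + compressed)


def decompress_certificate(body: bytes, max_uncompressed: int = 64 * 1024) -> bytes:
    """Decode and inflate with the checks a receiver must make. RFC 8879 makes a
    length mismatch or failed decompression a fatal bad_certificate alert; here
    that is a ValueError. max_uncompressed is a local policy limit (assumed)."""
    if len(body) < 8:
        raise ValueError("truncated CompressedCertificate")
    algorithm = int.from_bytes(body[0:2], "big")
    uncompressed_length = int.from_bytes(body[2:5], "big")
    compressed_length = int.from_bytes(body[5:8], "big")
    compressed = body[8:]
    if algorithm != ZLIB:
        raise ValueError("algorithm was not offered in compress_certificate")
    if compressed_length == 0 or compressed_length != len(compressed):
        raise ValueError("compressed_certificate_message length mismatch")
    if uncompressed_length == 0 or uncompressed_length > max_uncompressed:
        raise ValueError("declared uncompressed_length outside local policy")
    inflater = zlib.decompressobj()
    # Ask for at most one byte beyond the declared size: a lying length field or
    # a decompression bomb shows up as a size mismatch, never as a huge buffer.
    try:
        out = inflater.decompress(compressed, uncompressed_length + 1)
    except zlib.error as exc:
        raise ValueError(f"decompression failed: {exc}") from exc
    if len(out) != uncompressed_length or not inflater.eof:
        raise ValueError("uncompressed_length does not match inflated data")
    return out
```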
  </body>
</html>